Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-19932

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.

Published

2018-12-07T07:29:00.503

Last Modified

2024-11-21T03:58:50.103

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 5.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-190

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gnu	binutils	≤ 2.31	Yes
Application	netapp	vasa_provider	≥ 7.2	Yes
Operating System	netapp	cluster_data_ontap	-	No

References

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html ([email protected])
http://www.securityfocus.com/bid/106144 Third Party Advisory, VDB Entry ([email protected])
https://security.gentoo.org/glsa/201908-01 ([email protected])
https://security.netapp.com/advisory/ntap-20190221-0004/ Patch, Third Party Advisory ([email protected])
https://sourceware.org/bugzilla/show_bug.cgi?id=23932 Exploit, Issue Tracking, Patch ([email protected])
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=beab453223769279cc1cef68a1622ab8978641f7 ([email protected])
https://usn.ubuntu.com/4336-1/ ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/106144 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201908-01 (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20190221-0004/ Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://sourceware.org/bugzilla/show_bug.cgi?id=23932 Exploit, Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=beab453223769279cc1cef68a1622ab8978641f7 (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4336-1/ (af854a3a-2127-422b-91ae-364da2661108)